pdfbox-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PDFBOX-4626) ArrayIndexOutOfBounds exceptions in CmapSubtable parsing
Date Fri, 09 Aug 2019 04:35:00 GMT

    [ https://issues.apache.org/jira/browse/PDFBOX-4626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16903561#comment-16903561 ]

ASF subversion and git services commented on PDFBOX-4626:
---------------------------------------------------------

Commit 1864754 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1864754 ]

PDFBOX-4626: avoid ArrayIndexOutOfBoundsException

> ArrayIndexOutOfBounds exceptions in CmapSubtable parsing
> --------------------------------------------------------
>
>                 Key: PDFBOX-4626
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4626
>             Project: PDFBox
>          Issue Type: Bug
>          Components: FontBox
>    Affects Versions: 3.0.0 PDFBox
>         Environment: openjdk version "1.8.0_212" 
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03) 
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode) 
> MacOS Mojave
>  
>            Reporter: Alex Rebert
>            Priority: Minor
>         Attachments: fontbox-exceptions-2.zip
>
>
> {{TTFParser.parse}} can lead to ArrayIndexOutOfBounds exceptions when parsing malformed inputs.
> *Steps to repro*
>  # Create & compile Main.java: 
> {code:java}
> import org.apache.fontbox.ttf.TTFParser;
> class Main {
>   public static void main(String[] args) throws Throwable {
>     (new TTFParser()).parse(System.in);
>   }
> }{code}
>  * Download the attached inputs and extract them.
>  * For each input, run {{cat <input> | java -cp 'jars/*' Main}} to reproduce the exceptions, where `jars` is a folder containing the pdfbox jars.
> *Stacktraces*
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype13.320 | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
> at org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.java:320)
> at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:114)
> at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype8.192 | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
> at org.apache.fontbox.ttf.CmapSubtable.processSubtype8(CmapSubtable.java:192)
> at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:105)
> at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype8.167 | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 8192
> at org.apache.fontbox.ttf.CmapSubtable.processSubtype8(CmapSubtable.java:167)
> at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:105)
> at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> The files were generated by fuzzing and are (probably) not valid TTF files. This is a follow-up to PDFBOX-4622. I fuzzed fontbox again after applying the patch from that issue (revision https://svn.apache.org/repos/asf/pdfbox/trunk@1864677).



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
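
Added example, not part of the original message and not FontBox code (the change in r1864754 is not shown here): a bounds-checked reader for the group records of a cmap format 13 subtable, following the OpenType layout (numGroups, then startCharCode/endCharCode/glyphID as uint32). It assumes the glyph-indexed array is sized from a numGlyphs value declared elsewhere in the font, so a malformed file is rejected with a checked IOException instead of an unchecked array-index failure. The class name, method names and sample bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.Arrays;

// Added example, not FontBox code: bounds-checked reader for a cmap format 13 body.
public class Cmap13Demo {
    // Reads numGroups and the (startCharCode, endCharCode, glyphID) groups that
    // follow the format/reserved/length/language header fields.
    // Assumption: numGlyphs comes from the font's maxp table and is untrusted too.
    static int[] readGroups(DataInputStream in, int numGlyphs) throws IOException {
        long numGroups = in.readInt() & 0xFFFFFFFFL;
        int[] glyphToCode = new int[numGlyphs];
        Arrays.fill(glyphToCode, -1);
        for (long i = 0; i < numGroups; i++) {
            // A truncated file ends the loop with EOFException, which is an IOException.
            long start = in.readInt() & 0xFFFFFFFFL;
            long end = in.readInt() & 0xFFFFFFFFL;
            long glyphId = in.readInt() & 0xFFFFFFFFL;
            if (start > end || end > 0x10FFFFL) {
                throw new IOException("bad code range in group " + i);
            }
            if (glyphId >= numGlyphs) {
                // Without this check, the array access below throws
                // ArrayIndexOutOfBoundsException on a malformed font.
                throw new IOException("glyph " + glyphId + " outside numGlyphs=" + numGlyphs);
            }
            if (glyphToCode[(int) glyphId] == -1) {
                glyphToCode[(int) glyphId] = (int) start; // keep first code per glyph
            }
        }
        return glyphToCode;
    }

    static DataInputStream stream(byte[] b) {
        return new DataInputStream(new ByteArrayInputStream(b));
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: numGroups=1, one group U+0041..U+005A mapped to glyph 0.
        byte[] body = {0, 0, 0, 1, 0, 0, 0, 0x41, 0, 0, 0, 0x5A, 0, 0, 0, 0};
        System.out.println(Arrays.toString(readGroups(stream(body), 4)));
        try {
            readGroups(stream(body), 0); // same groups, font declares zero glyphs
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```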

